Is insecure-external-code-execution for Dependabot not secure?
GitHub Dependabot has an option called insecure-external-code-execution
.
This option, when combined with the registries
option, changes the behavior of whether or not dependency exeternal code execution succeeds.
In general, dependencies that make external requests are more likely to be malicious dependencies, and they should be prevented if possible.
As a countermeasure, there is an option called insecure-external-code-execution
.
However, I'm not sure what external execution is, so I'm asking about what is external code execution here.